US8831214B2ActiveUtilityA1

Password self encryption method and system and encryption by keys generated from personal secret information

Assignee: SHAIK CHEMANPriority: May 29, 2008Filed: Mar 12, 2009Granted: Sep 9, 2014
Est. expiryMay 29, 2028(~1.9 yrs left)· nominal 20-yr term from priority
Inventors:Cheman Shaik
H04L 9/0844H04L 2209/56H04L 9/002H04L 9/302
65
PatentIndex Score
2
Cited by
133
References
17
Claims

Abstract

A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished.

Claims

exact text as granted — not AI-modified
I claim: 
     
       1. A method comprising
 using a server computer to select a first original text password of a first user from a plurality of original text passwords for a plurality of corresponding users stored in a web application's user table in a computer server database; 
 using the server computer to generate a first key based at least in part on the first original text password; 
 storing the first key against the first original text password in the web application's user table in the computer server database; 
 receiving at the server computer an identification of the first user; and 
 using the server computer to retrieve from the web application's user table the first key based on the identification of the first user; 
 sending the first key, from the server computer to a first client computer; 
 encrypting a first set of information by use of the first client computer by using the first key to form a first set of encrypted information; and 
 sending the first set of encrypted information from the first client computer to the server computer. 
 
     
     
       2. The method of  claim 1  further comprising
 using the first original text password as a digital certificate of the first user and digitally signing messages using a public key generated from the first original text password. 
 
     
     
       3. The method of  claim 2  further comprising
 verifying a digital signature of the first user by using a private key generated from the first original text password. 
 
     
     
       4. The method of  claim 1  wherein
 the step of encrypting information by using the first key is implemented using a layer underlying communication between the client computer which is used as the sender and the server computer. 
 
     
     
       5. The method of  claim 4  wherein
 the layer includes a web browser. 
 
     
     
       6. The method of  claim 4  wherein
 the layer includes a web page. 
 
     
     
       7. The method of  claim 1  further comprising
 decrypting messages from the server computer to the client computer using a public key generated from the first original text password in order to secure information communicated both from the server computer to the client computer and from the client computer to the server computer. 
 
     
     
       8. The method of  claim 1  further comprising
 encrypting a message digest by using a public key generated from the first original text password. 
 
     
     
       9. The method of  claim 8  further comprising
 decrypting the encrypted message digest by using a private key generated from the first original text password. 
 
     
     
       10. The method of  claim 1  wherein
 the server computer is comprised of a plurality of computers. 
 
     
     
       11. The method of  claim 1  further wherein
 the server computer retrieves from the web application's user table the first key based only on the identification of the first user. 
 
     
     
       12. The method of  claim 1  further wherein
 the server computer retrieves from the web application's user table the first key without using any password of the first user. 
 
     
     
       13. The method of  claim 1  further comprising
 using the server computer to select a second original text password of a second user from the plurality of original text passwords for the plurality of corresponding users stored in the web application's user table in the computer server database; 
 using the server computer to generate a second key based at least in part on the second original text password; 
 storing the second key against the second original text password in the web application's user table in the computer server database; 
 receiving at the server computer an identification of the second user; and 
 using the server computer to retrieve from the web application's user table the second key based on the identification of the second user; 
 sending the second key, from the server computer to a second client computer; 
 encrypting a second set of information by use of the second client computer by using the second key to form a second set of encrypted information; and 
 sending the second set of encrypted information from the second client computer to the server computer. 
 
     
     
       14. The method of  claim 13  wherein
 the server computer retrieves from the web application's user table the first key based only on the identification of the first user. 
 
     
     
       15. The method of  claim 13  further wherein
 the server computer retrieves from the web application's user table the first key without using any password of the first user. 
 
     
     
       16. The method of  claim 13  further comprising
 using the server computer to decrypt the first set of encrypted information by using the first key; and 
 using the server computer to decrypt the second set of encrypted information by using the second key. 
 
     
     
       17. The method of  claim 1  further comprising
 using the server computer to decrypt the first set of encrypted information by using the first key.

Join the waitlist — get patent alerts

Track US8831214B2 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.